Jones Day Breached by Silent Ransom Group — Client Data Leaked After $13M Ransom Refused

Summary

Global law firm Jones Day has confirmed a cyberattack by the Silent Ransom Group (also known as Luna Moth / Chatty Spider), marking the firm’s second major cyber incident after the 2021 Accellion breach. The attackers used social engineering — specifically phishing targeted at IP litigator Greg Castanias — to gain access to the firm’s systems and exfiltrate files belonging to 10 clients.

After Jones Day refused to pay a $13 million ransom demand, the Silent Ransom Group posted the stolen data online on March 30, 2026. The leaked materials reportedly include sensitive client documents and records of internal negotiations. All 10 affected clients have been notified, though their identities remain undisclosed.

The FBI has previously issued warnings about the Silent Ransom Group specifically targeting law firms, noting that legal industry data is an especially high-value target due to attorney-client privilege protections that make the information particularly damaging when exposed.

Source

ABA Journal · Legal Cheek · Above the Law

Commentary

Law firms remain embarrassingly soft targets for social engineering. They handle some of the most sensitive data in existence — M&A negotiations, patent portfolios, litigation strategy — yet their security culture often lags decades behind their billing rates. Getting phished for the second time in five years is not a great look for a firm of Jones Day’s caliber.

The Silent Ransom Group’s playbook is simple and effective: phish a specific lawyer, exfiltrate privileged data, then weaponize the confidentiality of attorney-client communications as leverage. The $13M demand was probably calculated against the reputational damage of exposure. Jones Day’s refusal to pay is the right call, but the leaked data is the real damage — and it’s already out there.